released details about a serious zero-day vulnerability in Windows XP that could leave an open hole for a remote attacker.

"A real attack would barely be noticeable to the victim ... Perhaps the only unavoidable signal would be the momentary appearance of the Help Center window before the attacker hides it." Tavis Ormandy, engineer, Google

The flaw is contained in the Windows Help and Support Center, a Web-based feature providing technical support to end users. In an advisory posted this week on the Full Disclosure mailing list, Ormandy explained the severity of the flaw and released proof-of-concept code demonstrating how it works. The researcher said the error resides in the protocol handler of the support tool, which whitelists Web-based support documents.

"This design, introduced in SP2, is reasonably sound," he wrote. "A whitelist of trusted documents is a safe way of allowing interaction with the documentation from less-trusted sources. Unfortunately, an implementation error in the whitelist allows it to be evaded."

A successful cross-site scripting (XSS) attack can be carried out remotely and enable an attacker to execute code and take complete control of a victim's machine. The exploit works in Windows XP and Windows Server 2003 using many major browsers, including Internet Explorer 8, according to Ormandy.

The proof-of-concept uses Windows Media Player 9 to exploit the error. The media player is available by default in Windows XP. Other versions of the media player can also be used, he wrote.

"A real attack would barely be noticeable to the victim," Ormandy wrote. "Perhaps the only unavoidable signal would be the momentary appearance of the Help Center window before the attacker hides it."

Microsoft issued a statement Thursday admonishing Ormandy for disclosing details about the vulnerability so quickly. In the Microsoft Security Response Center Blog, Microsoft's Mike Reavey, director of the MSRC, said the vulnerability was reported on June 5, giving engineers only three days to determine the severity of the issue and investigate further.

"Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk," Reavey said.

Reavey said the vulnerability is limited to Windows XP and Windows Server 2003. So far no active attacks have been reported in the wild.

As a workaround, Microsoft urged users to unregister the HCP protocol to protect against an attack. The workaround has been used successfully against similar vulnerabilities in the past. By default, the protocol is permitted to use the Help and Support Center feature.
